You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tubemq.apache.org by gx...@apache.org on 2020/07/27 03:36:54 UTC
[incubator-tubemq-website] 01/01: [TUBEMQ-304] Update how-to-verify
This is an automated email from the ASF dual-hosted git repository.
gxcheng pushed a commit to branch TUBEMQ-304
in repository https://gitbox.apache.org/repos/asf/incubator-tubemq-website.git
commit 6e2a1340097d9b06dc7a1d7831511a11c1c51ff5
Author: Guangxu Cheng <gx...@apache.org>
AuthorDate: Mon Jul 27 11:29:59 2020 +0800
[TUBEMQ-304] Update how-to-verify
---
docs/en-us/development/how-to-verify.md | 60 +++++++++++++++++++++++++++++++--
docs/zh-cn/development/how-to-verify.md | 60 +++++++++++++++++++++++++++++++--
2 files changed, 114 insertions(+), 6 deletions(-)
diff --git a/docs/en-us/development/how-to-verify.md b/docs/en-us/development/how-to-verify.md
index ed8d905..e8dae4d 100644
--- a/docs/en-us/development/how-to-verify.md
+++ b/docs/en-us/development/how-to-verify.md
@@ -26,9 +26,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
### 2.2 检查gpg签名
- 导入公钥
```shell
- curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS
+ curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS
gpg --import KEYS # 导入KEYS到本地
```
+ - 信任公钥
+ > 信任此次版本所使用的KEY
+ ```shell
+ gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY
+ gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc.
+ This is free software: you are free to change and redistribute it.
+ There is NO WARRANTY, to the extent permitted by law.
+
+ Secret key is available.
+
+ sec rsa4096/5EF3A66D57EC647A
+ created: 2020-05-19 expires: never usage: SC
+ trust: ultimate validity: ultimate
+ ssb rsa4096/17628566FEED6AF7
+ created: 2020-05-19 expires: never usage: E
+ [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+
+ gpg> trust #信任
+ sec rsa4096/5EF3A66D57EC647A
+ created: 2020-05-19 expires: never usage: SC
+ trust: ultimate validity: ultimate
+ ssb rsa4096/17628566FEED6AF7
+ created: 2020-05-19 expires: never usage: E
+ [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+
+ Please decide how far you trust this user to correctly verify other users' keys
+ (by looking at passports, checking fingerprints from different sources, etc.)
+
+ 1 = I don't know or won't say
+ 2 = I do NOT trust
+ 3 = I trust marginally
+ 4 = I trust fully
+ 5 = I trust ultimately
+ m = back to the main menu
+
+ Your decision? 5 #选择5
+ Do you really want to set this key to ultimate trust? (y/N) y #选择y
+
+ sec rsa4096/5EF3A66D57EC647A
+ created: 2020-05-19 expires: never usage: SC
+ trust: ultimate validity: ultimate
+ ssb rsa4096/17628566FEED6AF7
+ created: 2020-05-19 expires: never usage: E
+ [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+
+ gpg>
+
+ sec rsa4096/5EF3A66D57EC647A
+ created: 2020-05-19 expires: never usage: SC
+ trust: ultimate validity: ultimate
+ ssb rsa4096/17628566FEED6AF7
+ created: 2020-05-19 expires: never usage: E
+ [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+ ```
- 使用如下命令检查签名
```shell
for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done
@@ -39,7 +93,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz
```
- 检查结果
-出现类似以下内容则说明签名正确,关键字:`Good signature`
+ > 出现类似以下内容则说明签名正确,关键字:**`Good signature`**
```shell
apache-tubemq-0.3.0-incubating-src.tar.gz
gpg: Signature made Sat May 30 11:45:01 2020 CST
@@ -79,4 +133,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done
- 能否正常部署成功
- 部署测试环境、验证生产消费能否正常运行
- 验证你认为可能会出问题的地方
- - ....
+ - ....
\ No newline at end of file
diff --git a/docs/zh-cn/development/how-to-verify.md b/docs/zh-cn/development/how-to-verify.md
index 6294e70..bb26b29 100644
--- a/docs/zh-cn/development/how-to-verify.md
+++ b/docs/zh-cn/development/how-to-verify.md
@@ -24,9 +24,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
### 2.2 检查gpg签名
- 导入公钥
```shell
- curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS
+ curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS
gpg --import KEYS # 导入KEYS到本地
```
+ - 信任公钥
+ > 信任此次版本所使用的KEY
+ ```shell
+ gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY
+ gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc.
+ This is free software: you are free to change and redistribute it.
+ There is NO WARRANTY, to the extent permitted by law.
+
+ Secret key is available.
+
+ sec rsa4096/5EF3A66D57EC647A
+ created: 2020-05-19 expires: never usage: SC
+ trust: ultimate validity: ultimate
+ ssb rsa4096/17628566FEED6AF7
+ created: 2020-05-19 expires: never usage: E
+ [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+
+ gpg> trust #信任
+ sec rsa4096/5EF3A66D57EC647A
+ created: 2020-05-19 expires: never usage: SC
+ trust: ultimate validity: ultimate
+ ssb rsa4096/17628566FEED6AF7
+ created: 2020-05-19 expires: never usage: E
+ [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+
+ Please decide how far you trust this user to correctly verify other users' keys
+ (by looking at passports, checking fingerprints from different sources, etc.)
+
+ 1 = I don't know or won't say
+ 2 = I do NOT trust
+ 3 = I trust marginally
+ 4 = I trust fully
+ 5 = I trust ultimately
+ m = back to the main menu
+
+ Your decision? 5 #选择5
+ Do you really want to set this key to ultimate trust? (y/N) y #选择y
+
+ sec rsa4096/5EF3A66D57EC647A
+ created: 2020-05-19 expires: never usage: SC
+ trust: ultimate validity: ultimate
+ ssb rsa4096/17628566FEED6AF7
+ created: 2020-05-19 expires: never usage: E
+ [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+
+ gpg>
+
+ sec rsa4096/5EF3A66D57EC647A
+ created: 2020-05-19 expires: never usage: SC
+ trust: ultimate validity: ultimate
+ ssb rsa4096/17628566FEED6AF7
+ created: 2020-05-19 expires: never usage: E
+ [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+ ```
- 使用如下命令检查签名
```shell
for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done
@@ -37,7 +91,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz
```
- 检查结果
-出现类似以下内容则说明签名正确,关键字:`Good signature`
+ > 出现类似以下内容则说明签名正确,关键字:**`Good signature`**
```shell
apache-tubemq-0.3.0-incubating-src.tar.gz
gpg: Signature made Sat May 30 11:45:01 2020 CST
@@ -77,4 +131,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done
- 能否正常部署成功
- 部署测试环境、验证生产消费能否正常运行
- 验证你认为可能会出问题的地方
- - ....
+ - ....
\ No newline at end of file